[Git][security-tracker-team/security-tracker][master] 2 commits: some postponed issues for poppler will be fixed

Thorsten Alteholz alteholz at debian.org
Mon Sep 30 21:22:14 BST 2019



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2ebc2752 by Thorsten Alteholz at 2019-09-30T20:25:58Z
some postponed issues for poppler will be fixed

- - - - -
100d346e by Thorsten Alteholz at 2019-09-30T20:26:14Z
Reserve DLA-1939-1 for poppler

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -13889,7 +13889,6 @@ CVE-2019-12494 (In Gardener before 0.20.0, incorrect access control in seed clus
 CVE-2019-12493 (A stack-based buffer over-read exists in PostScriptFunction::transform ...)
 	- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
 	- poppler 0.44.0-2
-	[jessie] - poppler <postponed> (patch applies cleanly, read-only, can't reproduce)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/37840827c4073dedfd37915a74eb8fe0c44843c3
 CVE-2019-12492 (Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and  ...)
 	NOT-FOR-US: Gallagher Command Centre
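Review bot: The removed `[jessie] - poppler <postponed>` line for CVE-2019-12493 was the only place recording "can't reproduce", and nothing in this hunk replaces it. Since DLA-1939-1 now claims this CVE for jessie, consider adding a NOTE under the CVE stating how the backport of upstream commit 37840827c4073dedfd37915a74eb8fe0c44843c3 was validated on 0.26.5, so the record does not go from "can't reproduce" to "fixed" without explanation.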
@@ -37952,7 +37951,6 @@ CVE-2018-20650 (A reachable Object::dictLookup assertion in Poppler 0.72.0 allow
 	- poppler <unfixed> (low; bug #917974)
 	[buster] - poppler <ignored> (Minor issue)
 	[stretch] - poppler <ignored> (Minor issue)
-	[jessie] - poppler <postponed> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/704
 CVE-2018-20649
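Review bot: With the jessie `<postponed>` line gone, CVE-2018-20650 still reads `<ignored> (Minor issue)` for buster and stretch and `<unfixed>` for unstable, while jessie receives a fix through DLA-1939-1. That leaves the oldest suite ahead of the newer ones for the same issue; a short NOTE saying the fix was bundled with the other poppler CVEs would make clear that the severity assessment has not changed.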


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Sep 2019] DLA-1939-1 poppler - security update
+	{CVE-2018-20650 CVE-2018-21009 CVE-2019-12493}
+	[jessie] - poppler 0.26.5-2+deb8u11
 [29 Sep 2019] DLA-1900-2 apache2 - regression update
 	[jessie] - apache2 2.4.10-10+deb8u16
 [28 Sep 2019] DLA-1938-1 file-roller - security update
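Review bot: The CVE set on the new DLA-1939-1 entry lists CVE-2018-21009, but the data/CVE/list hunks in this push only touch CVE-2019-12493 and CVE-2018-20650. Please check the CVE-2018-21009 entry for a jessie `<postponed>`, `<ignored>` or `<no-dsa>` annotation that would now contradict the version `0.26.5-2+deb8u11` recorded here, and remove it in the same push if present.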


=====================================
data/dla-needed.txt
=====================================
@@ -113,8 +113,6 @@ pam-python
 --
 phpbb3
 --
-poppler (Thorsten Alteholz)
---
 python2.7 (Mike Gabriel)
   NOTE: 20190930: This entry should be removed, but Mike should do that. Do not remove if you
   NOTE: 20190930: do not agree with the severity in the tracker and the ignore status.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9fc2c5b8e5294077ccbb0a61d21cae61d6fb1902...100d346e00d07d3ed553386612b1612ece25a71c
